That indeed is a good idea worth considering...... I am going to have to sleep on it and decide between appserver ssh keypair remote commands or copies of chmod/chown with suid bit set.
Thanks for the suggestions guys.

-Kieran

On Nov 17, 2010, at 12:34 PM, Chuck Hill wrote:

>
> On Nov 17, 2010, at 6:03 AM, Kieran Kelleher wrote:
>
>> Hi all,
>>
>> Like many of you, I have custom scripts that use ssh to deploy woa apps.
>> Scripts issue remote commands via ssh and script exec user's id_dsa has
>> corresponding id_dsa.pub in the remote server's auth keys for admin and
>> root. The problem is that root (apparently) is needed to set the chown on
>> the woa bundles to appserver:appserveradm, however I would like to get away
>> from needing root user remote ssh commands for security reasons.
>>
>> Assuming you all use chown of appserver:appserveradm and chmod of 550 on
>> your deployed woa bundles (are you?), then the question is with respect to
>> non-interactive, passwordless, secure remote deployment (copy, untar, chown,
>> chmod) of WOAs, what user/ssh setup are you all using besides r...@remote,
>> or is r...@remote the only way?
>>
>> Regards, Kieran
>
> You can also create copies of the chown and chmod with the SUID bit set:
> http://en.wikipedia.org/wiki/Setuid. So instead of your script doing a
> chmod, you would call (making up a name) chmodappserver.
>
> Chuck
>
>
> --
> Chuck Hill Senior Consultant / VP Development
>
> Practical WebObjects - for developers who want to increase their overall
> knowledge of WebObjects or who are trying to solve specific problems.
> http://www.global-village.net/products/practical_webobjects
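
Added example, not part of the original thread and not code from either poster: a setuid-root copy of chown accepts any path and any owner from whoever can execute it, so this sketch goes beyond the plain SUID copy and shows a helper that only ever applies appserver:appserveradm and mode 550 to paths under one deployment directory. The helper name chownappserver (modelled on the made-up chmodappserver above), the directory /opt/woapps and the one-path-per-call interface are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <grp.h>
#include <limits.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define DEPLOY_ROOT "/opt/woapps" /* assumed deployment directory, not from the thread */
#define BUNDLE_MODE 0550          /* mode named in the thread */

/* True only when `resolved` lies strictly below `root` (rejects root itself
   and look-alike siblings such as /opt/woapps2). */
int is_under_root(const char *resolved, const char *root) {
    size_t n = strlen(root);
    return strncmp(resolved, root, n) == 0 && resolved[n] == '/';
}

/* Set owner, group and mode on one path, refusing anything outside `root`.
   realpath() resolves symlinks before the prefix check; O_NOFOLLOW refuses a
   symlink as final component; fchown/fchmod act on the object actually opened. */
int fix_one(const char *path, const char *root, uid_t uid, gid_t gid, mode_t mode) {
    char real[PATH_MAX];
    struct stat st;
    int rc = -1;
    if (realpath(path, real) == NULL || !is_under_root(real, root)) return -1;
    int fd = open(real, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;
    /* Directories and singly linked regular files only: no hard-linked outsiders. */
    if (fstat(fd, &st) == 0
        && (S_ISDIR(st.st_mode) || (S_ISREG(st.st_mode) && st.st_nlink == 1))
        && fchown(fd, uid, gid) == 0 && fchmod(fd, mode) == 0)
        rc = 0;
    close(fd);
    return rc; /* 0 on success, -1 on refusal or error */
}

int main(int argc, char **argv) {
    struct passwd *pw = getpwnam("appserver");   /* user named in the thread */
    struct group *gr = getgrnam("appserveradm"); /* group named in the thread */
    if (argc != 2 || pw == NULL || gr == NULL) {
        fprintf(stderr, "usage: chownappserver <path under %s>\n", DEPLOY_ROOT);
        return 2;
    }
    return fix_one(argv[1], DEPLOY_ROOT, pw->pw_uid, gr->gr_gid, BUNDLE_MODE) == 0 ? 0 : 1;
}
```

The binary would be owned by root with the setuid bit and executable only by the deploy account's group, and called once per file or directory of the bundle. Directories between the deployment root and the target must not be writable by untrusted users, because O_NOFOLLOW covers only the final path component.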
